Alerts

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary...

In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible

In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible

In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible

In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions

In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate...

Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.

An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie.